Package org.apache.nifi.security.util
Class StandardTlsConfiguration
java.lang.Object
org.apache.nifi.security.util.StandardTlsConfiguration
- All Implemented Interfaces:
TlsConfiguration
This class serves as a concrete immutable domain object (acting as an internal DTO)
for the various keystore and truststore configuration settings necessary for
building SSLContexts.
-
Nested Class Summary
-
Field Summary
Modifier and Type | Field | Description
private final String
private final String
private final String
private final KeystoreType
private static final String
private static final String
private final String
protected static final String
protected static final String
private static final String
private final String
private final String
private final KeystoreType
-
Constructor Summary
Constructor | Description
StandardTlsConfiguration() | Default constructor present for testing and completeness.
StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType) | Instantiates a container object with the given configuration values.
StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType, String protocol) | Instantiates a container object with the given configuration values.
StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) | Instantiates a container object with the given configuration values.
StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType, String protocol) | Instantiates a container object with the given configuration values.
StandardTlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) | Instantiates a container object with the given configuration values.
Instantiates a container object with a deep copy of the given configuration values.
-
Method Summary
Modifier and Type | Method | Description
boolean
static TlsConfiguration | fromNiFiProperties(Properties niFiProperties) | Returns a TlsConfiguration instantiated from the relevant NiFi properties.
static TlsConfiguration | fromNiFiProperties(NiFiProperties niFiProperties) | Returns a TlsConfiguration instantiated from the relevant NiFi properties.
static StandardTlsConfiguration | fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) | Returns a TlsConfiguration instantiated from the relevant NiFiProperties properties for the truststore only.
String[] | getEnabledProtocols() | Get Enabled TLS Protocols translates SSL to legacy protocols and TLS to current protocols or returns configured protocol
private URL | getFileUrl(String path)
getFunctionalKeyPassword() | Returns the "working" key password -- if the key password is populated, it is returned; otherwise the getKeystorePassword() is returned.
getFunctionalKeyPasswordForLogging() | Returns "********" if the functional key password is populated, "null" if not.
getKeyPasswordForLogging() | Returns "********" if the key password is populated, "null" if not.
getKeystorePasswordForLogging() | Returns "********" if the keystore password is populated, "null" if not.
String[] | getKeystorePropertiesForLogging() | Returns a String[] containing the keystore properties for logging.
getTruststorePasswordForLogging() | Returns "********" if the truststore password is populated, "null" if not.
String[] | getTruststorePropertiesForLogging() | Returns a String[] containing the truststore properties for logging.
int | hashCode()
boolean | isAnyKeystorePopulated() | Returns true if any of the keystore properties is populated, indicating that the caller expects a valid keystore to be generated.
private boolean | isAnyPopulated(String path, String password, KeystoreType type)
boolean | isAnyTruststorePopulated() | Returns true if any of the truststore properties is populated, indicating that the caller expects a valid truststore to be generated.
boolean | isKeystorePopulated() | Returns true if the necessary properties are populated to instantiate a keystore.
boolean | isKeystoreValid() | Returns true if the necessary properties are populated and the keystore can be successfully instantiated (i.e.
private boolean | isStorePopulated(String path, String password, KeystoreType type, StandardTlsConfiguration.StoreType storeType)
private boolean | isStoreValid(String path, String password, KeystoreType type, StandardTlsConfiguration.StoreType storeType)
boolean | isTruststorePopulated() | Returns true if the necessary properties are populated to instantiate a truststore.
boolean | isTruststoreValid() | Returns true if the necessary properties are populated and the truststore can be successfully instantiated (i.e.
private static String | maskPasswordForLog(String password)
toString()
-
Field Details
-
SSL_PROTOCOL
-
TLS_PROTOCOL
-
TLS_PROTOCOL_VERSION
-
MASKED_PASSWORD_LOG
-
NULL_LOG
-
keystorePath
-
keystorePassword
-
keyPassword
-
keystoreType
-
truststorePath
-
truststorePassword
-
truststoreType
-
protocol
-
-
Constructor Details
-
StandardTlsConfiguration
public StandardTlsConfiguration()
Default constructor present for testing and completeness.
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType)
Instantiates a container object with the given configuration values.
- Parameters:
keystorePath - the keystore path
keystorePassword - the keystore password
keystoreType - the keystore type
truststorePath - the truststore path
truststorePassword - the truststore password
truststoreType - the truststore type
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType)
Instantiates a container object with the given configuration values.
- Parameters:
keystorePath - the keystore path
keystorePassword - the keystore password
keyPassword - the key password
keystoreType - the keystore type
truststorePath - the truststore path
truststorePassword - the truststore password
truststoreType - the truststore type
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType)
Instantiates a container object with the given configuration values.
- Parameters:
keystorePath - the keystore path
keystorePassword - the keystore password
keyPassword - the key password
keystoreType - the keystore type as a String
truststorePath - the truststore path
truststorePassword - the truststore password
truststoreType - the truststore type as a String
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType, String protocol)
Instantiates a container object with the given configuration values.
- Parameters:
keystorePath - the keystore path
keystorePassword - the keystore password
keyPassword - the (optional) key password -- if null, the keystore password is assumed the same for the individual key
keystoreType - the keystore type as a String
truststorePath - the truststore path
truststorePassword - the truststore password
truststoreType - the truststore type as a String
protocol - the TLS protocol version string
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType, String protocol)
Instantiates a container object with the given configuration values.
- Parameters:
keystorePath - the keystore path
keystorePassword - the keystore password
keyPassword - the (optional) key password -- if null, the keystore password is assumed the same for the individual key
keystoreType - the keystore type
truststorePath - the truststore path
truststorePassword - the truststore password
truststoreType - the truststore type
protocol - the TLS protocol version string
-
StandardTlsConfiguration
Instantiates a container object with a deep copy of the given configuration values.
- Parameters:
other - the configuration to copy
-
-
Method Details
-
fromNiFiProperties
Returns a TlsConfiguration instantiated from the relevant NiFi properties.
- Parameters:
niFiProperties - the NiFi properties
- Returns:
a populated TlsConfiguration container object
-
fromNiFiProperties
Returns a TlsConfiguration instantiated from the relevant NiFi properties.
- Parameters:
niFiProperties - the NiFi properties, as a simple java.util.Properties object
- Returns:
a populated TlsConfiguration container object
-
fromNiFiPropertiesTruststoreOnly
public static StandardTlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties)
Returns a TlsConfiguration instantiated from the relevant NiFiProperties properties for the truststore only. No keystore properties are read or used.
- Parameters:
niFiProperties - the NiFi properties
- Returns:
a populated TlsConfiguration container object
-
getKeystorePath
- Specified by:
getKeystorePath in interface TlsConfiguration
-
getKeystorePassword
- Specified by:
getKeystorePassword in interface TlsConfiguration
-
getKeystorePasswordForLogging
Returns "********" if the keystore password is populated, "null" if not.
- Specified by:
getKeystorePasswordForLogging in interface TlsConfiguration
- Returns:
a loggable String representation of the keystore password
-
getKeyPassword
- Specified by:
getKeyPassword in interface TlsConfiguration
-
getKeyPasswordForLogging
Returns "********" if the key password is populated, "null" if not.
- Specified by:
getKeyPasswordForLogging in interface TlsConfiguration
- Returns:
a loggable String representation of the key password
-
getFunctionalKeyPassword
Returns the "working" key password -- if the key password is populated, it is returned; otherwise the getKeystorePassword() is returned.
- Specified by:
getFunctionalKeyPassword in interface TlsConfiguration
- Returns:
the key or keystore password actually populated
-
getFunctionalKeyPasswordForLogging
Returns "********" if the functional key password is populated, "null" if not.
- Specified by:
getFunctionalKeyPasswordForLogging in interface TlsConfiguration
- Returns:
a loggable String representation of the functional key password
-
getKeystoreType
- Specified by:
getKeystoreType in interface TlsConfiguration
-
getTruststorePath
- Specified by:
getTruststorePath in interface TlsConfiguration
-
getTruststorePassword
- Specified by:
getTruststorePassword in interface TlsConfiguration
-
getTruststorePasswordForLogging
Returns "********" if the truststore password is populated, "null" if not.
- Specified by:
getTruststorePasswordForLogging in interface TlsConfiguration
- Returns:
a loggable String representation of the truststore password
-
getTruststoreType
- Specified by:
getTruststoreType in interface TlsConfiguration
-
getProtocol
- Specified by:
getProtocol in interface TlsConfiguration
-
isKeystorePopulated
public boolean isKeystorePopulated()
Returns true if the necessary properties are populated to instantiate a keystore. This does not validate the values (see isKeystoreValid()).
- Specified by:
isKeystorePopulated in interface TlsConfiguration
- Returns:
true if the path, password, and type are present
-
isAnyKeystorePopulated
public boolean isAnyKeystorePopulated()
Returns true if any of the keystore properties is populated, indicating that the caller expects a valid keystore to be generated.
- Specified by:
isAnyKeystorePopulated in interface TlsConfiguration
- Returns:
true if any keystore properties are present
-
isKeystoreValid
public boolean isKeystoreValid()
Returns true if the necessary properties are populated and the keystore can be successfully instantiated (i.e. the path is valid and the password(s) are correct).
- Specified by:
isKeystoreValid in interface TlsConfiguration
- Returns:
true if the keystore properties are valid
-
isTruststorePopulated
public boolean isTruststorePopulated()
Returns true if the necessary properties are populated to instantiate a truststore. This does not validate the values (see isTruststoreValid()).
- Specified by:
isTruststorePopulated in interface TlsConfiguration
- Returns:
true if the path, password, and type are present
-
isAnyTruststorePopulated
public boolean isAnyTruststorePopulated()
Returns true if any of the truststore properties is populated, indicating that the caller expects a valid truststore to be generated.
- Specified by:
isAnyTruststorePopulated in interface TlsConfiguration
- Returns:
true if any truststore properties are present
-
isTruststoreValid
public boolean isTruststoreValid()
Returns true if the necessary properties are populated and the truststore can be successfully instantiated (i.e. the path is valid and the password is correct).
- Specified by:
isTruststoreValid in interface TlsConfiguration
- Returns:
true if the truststore properties are valid
-
getKeystorePropertiesForLogging
Returns a String[] containing the keystore properties for logging. The order is getKeystorePath(), getKeystorePasswordForLogging(), getFunctionalKeyPasswordForLogging(), getKeystoreType() (using the type or "null").
- Specified by:
getKeystorePropertiesForLogging in interface TlsConfiguration
- Returns:
a loggable String[]
-
getTruststorePropertiesForLogging
Returns a String[] containing the truststore properties for logging. The order is getTruststorePath(), getTruststorePasswordForLogging(), getTruststoreType() (using the type or "null").
- Specified by:
getTruststorePropertiesForLogging in interface TlsConfiguration
- Returns:
a loggable String[]
-
getEnabledProtocols
Get Enabled TLS Protocols translates SSL to legacy protocols and TLS to current protocols or returns configured protocol
- Specified by:
getEnabledProtocols in interface TlsConfiguration
- Returns:
Enabled TLS Protocols
-
toString
-
equals
-
hashCode
public int hashCode()
-
maskPasswordForLog
-
isAnyPopulated
-
isStorePopulated
private boolean isStorePopulated(String path, String password, KeystoreType type, StandardTlsConfiguration.StoreType storeType)
-
isStoreValid
private boolean isStoreValid(String path, String password, KeystoreType type, StandardTlsConfiguration.StoreType storeType)
-
getFileUrl
-
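Usage example added here; it is not part of the NiFi Javadoc or the project's code. It combines the isAny…Populated(), is…Populated() and is…Valid() checks documented above into a fail-closed pre-flight step and logs only through the …ForLogging accessors. The class name TlsConfigPreflight, the StoreState enum, the paths and the passwords are constructed for illustration, and the NiFi library that provides this package is assumed to be on the classpath.

```java
import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import java.util.Arrays;

public class TlsConfigPreflight {          // hypothetical class, not part of NiFi
    enum StoreState { ABSENT, PARTIAL, INVALID, VALID }

    // No property set -> ABSENT; some but not all -> PARTIAL; all set but the
    // store cannot be opened (bad path or wrong password) -> INVALID.
    static StoreState keystoreState(TlsConfiguration c) {
        if (!c.isAnyKeystorePopulated()) return StoreState.ABSENT;
        if (!c.isKeystorePopulated()) return StoreState.PARTIAL;
        return c.isKeystoreValid() ? StoreState.VALID : StoreState.INVALID;
    }

    static StoreState truststoreState(TlsConfiguration c) {
        if (!c.isAnyTruststorePopulated()) return StoreState.ABSENT;
        if (!c.isTruststorePopulated()) return StoreState.PARTIAL;
        return c.isTruststoreValid() ? StoreState.VALID : StoreState.INVALID;
    }

    public static void main(String[] args) {
        // Constructed sample values: placeholder paths and passwords.
        // keyPassword is null, so the keystore password is used for the key.
        TlsConfiguration config = new StandardTlsConfiguration(
                "/opt/example/keystore.p12", "ks-secret", null, "PKCS12",
                "/opt/example/truststore.p12", "ts-secret", "PKCS12");

        StoreState ks = keystoreState(config);
        StoreState ts = truststoreState(config);

        // Log through the ForLogging accessors only: passwords are rendered
        // as "********" or "null", never as their real values.
        System.out.println("keystore   " + ks + " "
                + Arrays.toString(config.getKeystorePropertiesForLogging()));
        System.out.println("truststore " + ts + " "
                + Arrays.toString(config.getTruststorePropertiesForLogging()));

        // The functional key password falls back to the keystore password.
        boolean fellBack = config.getKeystorePassword()
                .equals(config.getFunctionalKeyPassword());
        System.out.println("key password falls back to keystore password: " + fellBack);

        // Fail closed: refuse to continue unless both stores can be opened.
        if (ks != StoreState.VALID || ts != StoreState.VALID) {
            throw new IllegalStateException(
                    "TLS configuration rejected: keystore=" + ks + ", truststore=" + ts);
        }
    }
}
```

A deployment that legitimately uses only a truststore would accept ABSENT for the keystore while still rejecting PARTIAL and INVALID.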